Penetration Testing mailing list archives
Re: Pentest Letter of Achievement/Certificate
From: Mike Klingler <mike () securitymetrics com>
Date: Thu, 14 Jul 2005 20:09:27 -0600
Paul Fields wrote:
Payment Card Industry data security standards specifically ask for quarterly vulnerability scans and annual pen testing. Gramm-Leach-Bliley Act also asks for periodic testing of systems. Now that they ask for it, how do you prove what you've done?
Well they do have a list of companies that can do the VA scanning that they accept. Anyone can try to get on the list to do scanning for it.
One of the reasons we use repeatable methodologies in audits is the assumption that someone else using the same knowledge, tools, and techniques could easily come up with the same results.
They evaluate the different companies scanning with a baseline set of systems that have weaknesses on them. If you do well enough for them you get accepted. Michael Klingler
Current thread:
- RE: GPRS Security, (continued)
- RE: GPRS Security Sahir Hidayatullah (Jul 19)
- source code audit manoj kumar (Jul 19)
- Re: Pentest Letter of Achievement/Certificate R. DuFresne (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Tom Van de Wiele (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Travis Good (Jul 13)
- Re: Pentest Letter of Achievement/Certificate John Kinsella (Jul 14)
- RE: Pentest Letter of Achievement/Certificate Paul Fields (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mike Klingler (Jul 15)
- RE: Pentest Letter of Achievement/Certificate Lyal Collins (Jul 15)
- Re: Pentest Letter of Achievement/Certificate blowfish 448 (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Matthew J. Harmon (Jul 14)
- Re: Pentest Letter of Achievement/Certificate Mark Teicher (Jul 13)
- Re: Pentest Letter of Achievement/Certificate Michael Sierchio (Jul 13)